feat(auth): Added TenantAwareFirebaseAuth class (#227)

Author: hiranya911

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs

@@ -72,6 +72,7 @@ await Assert.ThrowsAsync<InvalidOperationException>(
                 async () => await auth.SetCustomUserClaimsAsync("user", null));
             await Assert.ThrowsAsync<InvalidOperationException>(
                 async () => await auth.GetOidcProviderConfigAsync("oidc.provider"));
+            Assert.Throws<InvalidOperationException>(() => auth.TenantManager);
         }
 
         [Fact]

FirebaseAdmin/FirebaseAdmin.Tests/Auth/Multitenancy/TenantManagerTest.cs

@@ -603,6 +603,51 @@ await Assert.ThrowsAsync<ArgumentException>(
             Assert.Empty(handler.Requests);
         }
 
+        [Fact]
+        public void AuthForTenant()
+        {
+            var auth = CreateFirebaseAuth();
+
+            var tenantAwareAuth = auth.TenantManager.AuthForTenant("tenant1");
+
+            Assert.Equal("tenant1", tenantAwareAuth.TenantId);
+        }
+
+        [Fact]
+        public void AuthForTenantCaching()
+        {
+            var auth = CreateFirebaseAuth();
+
+            var tenantAwareAuth1 = auth.TenantManager.AuthForTenant("tenant1");
+            var tenantAwareAuth2 = auth.TenantManager.AuthForTenant("tenant1");
+
+            Assert.Same(tenantAwareAuth1, tenantAwareAuth2);
+        }
+
+        [Theory]
+        [MemberData(nameof(InvalidStrings))]
+        public void AuthForTenantNoTenantId(string tenantId)
+        {
+            var auth = CreateFirebaseAuth();
+
+            var exception = Assert.Throws<ArgumentException>(
+                () => auth.TenantManager.AuthForTenant(tenantId));
+            Assert.Equal("Tenant ID cannot be null or empty.", exception.Message);
+        }
+
+        [Fact]
+        public async Task UseAfterDelete()
+        {
+            var auth = CreateFirebaseAuth();
+            var tenantManager = auth.TenantManager;
+            (auth as IFirebaseService).Delete();
+
+            await Assert.ThrowsAsync<ObjectDisposedException>(
+                () => tenantManager.GetTenantAsync("tenant1"));
+            Assert.Throws<ObjectDisposedException>(
+                () => tenantManager.AuthForTenant("tenant1"));
+        }
+
         private static FirebaseAuth CreateFirebaseAuth(HttpMessageHandler handler = null)
         {
             var tenantManager = new TenantManager(new TenantManager.Args

FirebaseAdmin/FirebaseAdmin/Auth/AbstractFirebaseAuth.cs

@@ -0,0 +1,63 @@
+// Copyright 2020, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using Google.Apis.Util;
+
+namespace FirebaseAdmin.Auth
+{
+    /// <summary>
+    /// Exposes Firebase Auth operations that are available in both tenant-aware and tenant-unaware
+    /// contexts.
+    /// </summary>
+    public abstract class AbstractFirebaseAuth : IFirebaseService
+    {
+        private readonly object authLock = new object();
+        private bool deleted;
+
+        internal AbstractFirebaseAuth(Args args)
+        {
+            args.ThrowIfNull(nameof(args));
+        }
+
+        /// <summary>
+        /// Deletes this <see cref="FirebaseAuth"/> service instance.
+        /// </summary>
+        void IFirebaseService.Delete()
+        {
+            lock (this.authLock)
+            {
+                this.deleted = true;
+                this.Cleanup();
+            }
+        }
+
+        internal virtual void Cleanup() { }
+
+        internal TResult IfNotDeleted<TResult>(Func<TResult> func)
+        {
+            lock (this.authLock)
+            {
+                if (this.deleted)
+                {
+                    throw new InvalidOperationException("Cannot invoke after deleting the app.");
+                }
+
+                return func();
+            }
+        }
+
+        internal class Args { }
+    }
+}

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs

@@ -28,20 +28,18 @@ namespace FirebaseAdmin.Auth
     /// This is the entry point to all server-side Firebase Authentication operations. You can
     /// get an instance of this class via <c>FirebaseAuth.DefaultInstance</c>.
     /// </summary>
-    public sealed class FirebaseAuth : IFirebaseService
+    public sealed class FirebaseAuth : AbstractFirebaseAuth
     {
         private readonly Lazy<FirebaseTokenFactory> tokenFactory;
         private readonly Lazy<FirebaseTokenVerifier> idTokenVerifier;
         private readonly Lazy<FirebaseTokenVerifier> sessionCookieVerifier;
         private readonly Lazy<FirebaseUserManager> userManager;
         private readonly Lazy<ProviderConfigManager> providerConfigManager;
         private readonly Lazy<TenantManager> tenantManager;
-        private readonly object authLock = new object();
-        private bool deleted;
 
         internal FirebaseAuth(Args args)
+        : base(args)
         {
-            args.ThrowIfNull(nameof(args));
             this.tokenFactory = args.TokenFactory.ThrowIfNull(nameof(args.TokenFactory));
             this.idTokenVerifier = args.IdTokenVerifier.ThrowIfNull(nameof(args.IdTokenVerifier));
             this.sessionCookieVerifier = args.SessionCookieVerifier.ThrowIfNull(
@@ -73,7 +71,7 @@ public static FirebaseAuth DefaultInstance
         /// <summary>
         /// Gets the <see cref="TenantManager"/> instance associated with the current project.
         /// </summary>
-        public TenantManager TenantManager => this.tenantManager.Value;
+        public TenantManager TenantManager => this.IfNotDeleted(() => this.tenantManager.Value);
 
         /// <summary>
         /// Returns the auth instance for the specified app.
@@ -1402,16 +1400,12 @@ public PagedAsyncEnumerable<AuthProviderConfigs<SamlProviderConfig>, SamlProvide
         /// <summary>
         /// Deletes this <see cref="FirebaseAuth"/> service instance.
         /// </summary>
-        void IFirebaseService.Delete()
+        internal override void Cleanup()
         {
-            lock (this.authLock)
-            {
-                this.deleted = true;
-                this.tokenFactory.DisposeIfCreated();
-                this.userManager.DisposeIfCreated();
-                this.providerConfigManager.DisposeIfCreated();
-                this.tenantManager.DisposeIfCreated();
-            }
+            this.tokenFactory.DisposeIfCreated();
+            this.userManager.DisposeIfCreated();
+            this.providerConfigManager.DisposeIfCreated();
+            this.tenantManager.DisposeIfCreated();
         }
 
         private async Task<bool> IsRevokedAsync(
@@ -1423,20 +1417,7 @@ private async Task<bool> IsRevokedAsync(
             return token.IssuedAtTimeSeconds < cutoff;
         }
 
-        private TResult IfNotDeleted<TResult>(Func<TResult> func)
-        {
-            lock (this.authLock)
-            {
-                if (this.deleted)
-                {
-                    throw new InvalidOperationException("Cannot invoke after deleting the app.");
-                }
-
-                return func();
-            }
-        }
-
-        internal sealed class Args
+        internal sealed new class Args : AbstractFirebaseAuth.Args
         {
             internal Lazy<FirebaseTokenFactory> TokenFactory { get; set; }
 

FirebaseAdmin/FirebaseAdmin/Auth/Multitenancy/TenantAwareFirebaseAuth.cs

@@ -0,0 +1,54 @@
+// Copyright 2020, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+
+namespace FirebaseAdmin.Auth.Multitenancy
+{
+    /// <summary>
+    /// The tenant-aware Firebase client. This can be used to perform a variety of
+    /// authentication-related operations, scoped to a particular tenant.
+    /// </summary>
+    public sealed class TenantAwareFirebaseAuth : AbstractFirebaseAuth
+    {
+        private TenantAwareFirebaseAuth(Args args)
+        : base(args)
+        {
+            this.TenantId = args.TenantId;
+            if (string.IsNullOrEmpty(this.TenantId))
+            {
+                throw new ArgumentException("Tenant ID cannot be null or empty.");
+            }
+        }
+
+        /// <summary>
+        /// Gets the tenant ID associated with this instance.
+        /// </summary>
+        public string TenantId { get; }
+
+        internal static TenantAwareFirebaseAuth Create(string tenantId)
+        {
+            var args = new Args()
+            {
+                TenantId = tenantId,
+            };
+            return new TenantAwareFirebaseAuth(args);
+        }
+
+        internal new class Args : AbstractFirebaseAuth.Args
+        {
+            public string TenantId { get; set; }
+        }
+    }
+}

FirebaseAdmin/FirebaseAdmin/Auth/Multitenancy/TenantManager.cs

@@ -52,10 +52,17 @@ public sealed class TenantManager : IDisposable
 
         private static readonly string ClientVersion = $"DotNet/Admin/{FirebaseApp.GetSdkVersion()}";
 
+        private readonly IDictionary<string, TenantAwareFirebaseAuth> tenants =
+            new Dictionary<string, TenantAwareFirebaseAuth>();
+
+        private readonly object tenantsLock = new object();
+
         private readonly string baseUrl;
 
         private readonly ErrorHandlingHttpClient<FirebaseAuthException> httpClient;
 
+        private bool disposed;
+
         internal TenantManager(Args args)
         {
             if (string.IsNullOrEmpty(args.ProjectId))
@@ -277,12 +284,54 @@ public PagedAsyncEnumerable<TenantsPage, Tenant> ListTenantsAsync(ListTenantsOpt
                 <ListTenantsRequest, TenantsPage, Tenant>(() => request, new PageManager());
         }
 
+        /// <summary>
+        /// Gets a <see cref="TenantAwareFirebaseAuth"/> instance scoped to the specified tenant.
+        /// </summary>
+        /// <param name="tenantId">A tenant identifier string.</param>
+        /// <returns>An object that can be used to perform tenant-aware operations.</returns>
+        /// <exception cref="ArgumentException">If the tenant ID argument is null or empty.
+        /// </exception>
+        public TenantAwareFirebaseAuth AuthForTenant(string tenantId)
+        {
+            if (string.IsNullOrEmpty(tenantId))
+            {
+                throw new ArgumentException("Tenant ID cannot be null or empty.");
+            }
+
+            TenantAwareFirebaseAuth auth;
+            lock (this.tenantsLock)
+            {
+                if (this.disposed)
+                {
+                    throw new ObjectDisposedException("TenantManager instance already disposed.");
+                }
+
+                if (!this.tenants.TryGetValue(tenantId, out auth))
+                {
+                    auth = TenantAwareFirebaseAuth.Create(tenantId);
+                    this.tenants[tenantId] = auth;
+                }
+            }
+
+            return auth;
+        }
+
         /// <summary>
         /// Cleans up and invalidates this instance. For internal use only.
         /// </summary>
         void IDisposable.Dispose()
         {
             this.httpClient.Dispose();
+            lock (this.tenantsLock)
+            {
+                this.disposed = true;
+                foreach (var auth in this.tenants.Values)
+                {
+                    (auth as IFirebaseService).Delete();
+                }
+
+                this.tenants.Clear();
+            }
         }
 
         internal static TenantManager Create(FirebaseApp app)